Hi!
> > >write a CD anyways". I find this wrong, J??rg finds it correct and argues
> > >"if you can access /dev/hdc as unprivileged user, that's a security
> > >problem".
> >
> > If you can access a _harddisk_ as a normal user, you _do have_ a security
> > problem. If you can access a cdrom as normal user, well, the opinions
> > differ here. I think you _should not either_, because it might happen that
> > you just left your presentation cd in a cdrom device in a public box. You
> > would certainly not want to have everyone read that out.
>
> Do you want everybody to be able to read or format a floppy disk?
Why not... if I'm on box without network access, for example.
> > SUSE currently does it in A Nice Way: setfacl'ing the devices to include
> > read access for currently logged-in users. (Well, if someone logs on tty1
> > after you, you're screwed anyway - he could have just ejected the cd when
> > he's physically at the box.)
>
> It may make sense to do something like this for the user logged into the
> console. In general it is a security problem.
Violent agreement here. For some uses, 99% of users are logged onto
the console.
Pavel
--
Thanks, Sharp!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]